Lit Fibre (UK) IPv6 stopped after powercut
-
@Gertjan it's brave browser so the left icon is that the the inbuilt "shields" are active the right one is Brave rewards.
-
Yeah, get that
And why the red triangle with the warning ?
"test-ipv6.com is script based, and the script ... tests the IPv6 capabilities. If something failed, it shows you are IPv4 only, and maybe this isn't the case.I find it still hard to believe yo use a phone connection without IPv6 ... There are no free
IPv6IPv4 ! left, no where, and people didn't stop buying phones, so IPv6 isn't really an option these days.Are you sure IPv6 isn't disabled in your phone ? Just asking, as I don't recognize what phone OS you are using, it doesn't look like mine.
-
@Gertjan sorry not following.
The right icon, the triangle is brave rewards so the warning is that brave rewards is not contributing to the page.
"I find it still hard to believe yo use a phone connection without IPv6 ... There are no free IPv6 left, no where, and people didn't stop buying phones, so IPv6 isn't really an option these days."
I presume you meant IPv4 here?
As for phone OS, bog standard Android 15 with March security patches on a pixel 9 pro and ipv6 is enabled as test-ipv6.com worked fine when fibre service was.
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
I presume you meant IPv4 here?
Great, yeah, you're right.edit : your phone OS seems recent.
So it's your "phone data carrier ISP" ....
Very soon, they will have IPv6 - or leave the market. -
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
Image doesn't want to appear so I'll share when back on desktop.
That's surprising. That's on your cell network, not WiFi?
Maybe you should ask your cell carrier about that. Also, depending on your plan, you may or may not have tethering. You can ask about that too.
As I said yesterday, I suspect your IPv6 problem may be due to the work your ISP is doing to merge companies. Maybe you can ask them about that too.
The reason the cell networks are supposed to have IPv6 is they're moving to VoIP, with VoLTE on 4G and VoNR on 5G. That requires a network working the way the network gods intended, without crap like NAT getting in the way.
-
@JKnott Must admit i was expecting it too lol
Yes thats just on cellular with the wifi disabled. Tethering works fine but same result
I've dropped an email to their support and referenced this forum post
-
Got my first response.
I have advised that traceroutes are hitting an address outside of my local range so see what is said.
Does it matter at all that the service is CG-Nat but i pay for a static IPv4? CG-Nat isn't something i'm hugely familar with
-
Looks like it's my config but i can't see where as I thought tracking the WAN interface for LAN should work.
WAN interface:-
🔒 Log in to viewLAN interface:-
🔒 Log in to viewShould the prefix ID here be set to 48 also?
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
I have advised that traceroutes are hitting an address outside of my local range so see what is said.
Yeah, it can be fun dealing with an ISP's help(?) desk. About 6 years ago, I had a problem with IPv6 on mine. I was able to use my cell phone to help prove things. I was able to demonstrate to someone on 2nd level support (I rarely waste my time with 1st level) that the problem was not on my end, but those who should have investigated further didn't do anything. I did more testing on my own, with Wireshark, and saw an error message in the DHCP6 sequence which identified the failing equipment by host name. Even then, they wouldn't do anything. Eventually, a senior tech came to my home with his own computer and cable modem and also experienced the same failure. He then went to the office I was connected to and tried with 4 different CMTS. It failed only on the one I was connected to and precisely the one I had identified. Only then was the problem resolved. Also, in all this, I found I had to teach the people at my ISP about IPv6, because I knew more about it than they did!
Side note, 2 years ago, I was doing some work in that ISP's office and actually found the CMTS I was connected to.
Does it matter at all that the service is CG-Nat but i pay for a static IPv4? CG-Nat isn't something i'm hugely familar with
CGNAT is how you get IPv4 and should have nothing to do with IPv6. However, static IPv4 and CGNAT are contradictory. If you have a static address, it shouldn't be through NAT. Is your address in the range 100.64.0.0 to 100.127.255.255, as normally used for CGNAT?
BTW, I would expect CGNAT to be used on your cell phone. If your cell provider supports IPv6, I would expect your phone's IPv4 address to be something like 192.0.0.4, which is used with something called 464XLAT, which is used to convert IPv4 to IPv6 for an IPv6 only network, as I have with my cell phone. -
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
Should the prefix ID here be set to 48 also?
No. On a /48, it could be anything between 0 & 65,535, your choice. You'd use a different number for each local network interface you have. For example, my main LAN is 0 and my guest WiFi is 3. I also have a VPN, which is 255.
-
@JKnott Sorry i miss spoke there, by default it is CG-NAT but as i couldn't host service to the world wide web i paid to get a static IP so not affected by the CG-NAT but wondered if affected IPv6.
I left networking several years ago because cisco licensing was getting ridiculus and seeing similar performance at a lower cost in HPE or Aruba kit was getting to much. Now i stick to Backups, RHEL and Windows Server.
So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.
It means they're saying you're not requesting a prefix. However, here it is in the request packet:
Given it works sometimes and you're not changing anything, it's likely not a problem with pfSense. Also, the same info is in the reply packet, which means they received the request and responded to it.
Are you familiar with Wireshark? It's an excellent tool when resolving network problems. For something like this, you might want to leave it running and filtering on DHCP6. You can then create a history and see what changes when it fails. However, to do that, you'd need a data tap, as I describe. I used that when I was working on that problem 6 years ago.
-
@JKnott ah ok i see it now.
I am familar need to bust out my old Kali laptop (if i still have it) as not touched it in like 8 years and i'll have a play and ereport back.
-
It doesn't have to be a laptop. Any computer capable of running Wireshark will do.
-
This :
is related to your Lit Fibre IPv6 pfSense access ?
Or your phone ?
I presume your fiber access for now.If this is your pfSense, then your ISP told only half the situation : a device on your side (== pfSense= got an (one !) IPv6 ! the "2a10:bcc0:ccc:1::7e" (the /128 means : one (1) IP).
That's great, your pfSense can now communicate with the Internet using IPv6.
But only your pfSense.
Waaaay more important is, and I hope they just forgot to tell you that your pfSense did also request some prefixes.
To be exact : your pfSense, as per your instructions, is asking for /48 prefixes = 65535.
Now, /48 is the official, as stated by the RFC, the amount of prefixes to be made available to an ISP client. /48 means that you were asking for 65535 prefixes of /64 - recall that /64 means : 1 8446 744 073 709 551 616 individual IPv6 address per /64 = 1 prefix.
Each prefix can be assigned to one pfSense 'LAN' which means that a /48 can handle up to 65535 LAN's ....
These days, when a ISP give you 256 prefixes, or a /56, is already good enough to start with, and probably enough for some decades ^^ A /48 is also fine, and just huge.Useless extra info : the number "65535 x 1 8446 744 073 709 551 616" is bigger as the number of sand grains in the African Sahara.
So : set / check :
and restart your WAN connection.
Then have a look at the pfSense DHCP logs again.
Search for these :The process called "dhcp6c" is the one you're looking for and now you can see that it obtained a IPv6 for the WAN
and also the prefix negotiation.
You were asking for a /48.
What did you get ?If you got none, then it's fully understandable that your LANs don't have any IPv6 capabilities.
For Tracking to work, pfSense (dhcp6c) must obtain these prefixes.Does your ISP has any documentation ?
Do you use a ISP router ? And if so, does this router shows info ?
Mine (ISP router in front of pfSense) tells me :I can see the ISP router (LAN) IPv6.
The number of prefixes available = /56
The prefix that the ISP router has given to the attached router (== pfSense) : one /64 out of the /56.My pfSense was asking for one (1) /64, or :
-
@JKnott I'll see what i have kicking about to make a data tap on my switch (QNAP QSW-M2116P-2T2S)
-
So go home from the office today and walked into a pissed wife lol as the internet was dead, after a check it wasn't dead just not processing IPv4 so her mobile and work mobile stopped working and work laptop dropped too.
Appears that at some point today only IPv6 traffic worked and IPv4 was a no go so this just gets weirder.
First thing i did when i got is was boot up PC as it's wired and start recording bits.
First step was to check the internet was actually down
From this i could see it up but ping was using IPv6 so did an ipconfig to see if maybe i had no IP but this was fine, so the pfsense dashboard was checked.
All looked ok except I noticed that the LAN interface had no IPv6 address. At this point i thought i may as well run some of the test you suggested @Gertjan
Packet cap of the DHCP6 from pfsense
Now it's been 15 minutes since I did all that and guess what......... its all working.
I'm at a loss, i'm not touching anything apart from a router reboot, ISP are advising from a network point they can't see an issue and to plug the Calix RG router back in.
The topology is pretty simple:-
I'm in 2 minds.
- Try figure it out.
- Not piss off the wife
I'm hugely at a loss.
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
I'm at a loss, i'm not touching anything apart from a router reboot, ISP are advising from a network point they can't see an issue and to plug the Calix RG router back in.
I still suspect it has something to do with merging the 2 ISPs.
I know it can be real FUN trying to get ISP support to admit they have a problem. Also, those 5 port switches are fairly cheap, so perhaps you can buy one if you don't already have something suitable.
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
First step was to check the internet was actually down
Note these on an post-it :
ipconfig /all ipconfig /renew ipconfig /renew6The second renews the IPv4 lease. If it times out : DHCP4 isn't running ?
The third : IPv6 lease gets renewed. If error, DHCOPv6 server isn't running ? (or no more prefix for that LAN, etc)Be ware : IPv6 is default, so if "ping www.google.com" will use IPv6. Force it to use IPv4 by entering :
ping -4 www.google.comor the other way around :
ping -6 www.google.com@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
only IPv6 traffic worked and IPv4 was a no go
Welcome into 2025, Yes, DHCP4v should be stable right these days.
If any doubts, use the DHCPv4 server (on pfSense) that is known to be good : use ISC. You are using kea right now.kea works fine, I'm using it for month now, but I have the more recent 24.11 (and 25.03 now).
IMHO : If you have to offer your wife a depreciated (but 3 decades proven) DHCPv4 server, or a 'beta' (implementation) Kea, go for the first - or get a lawyer ^^